GNU Mailman 2.1.24

Milestone information

GNU Mailman
Mark Sapiro
Release registered:
Yes. Drivers can target bugs and blueprints to this milestone.  


Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature.

| File | Description | Downloads |
| --- | --- | --- |
| mailman-2.1.24.tgz (md5, sig) | Mailman 2.1.24 final | 1,185 (last downloaded 36 weeks ago) |

Total downloads: 1,185

Release notes 

This release is primarily a bug fix release with a few minor feature additions and a fix for a probably non-exploitable security issue. See the changelog for details.



2.1.24 (02-Jun-2017)


  Security

    - A most likely unexploitable XSS attack that relies on the Mailman web
      server passing a crafted Host: header to the CGI environment has been
      fixed. Apache for one is not vulnerable. Thanks to Alqnas Eslam.

  New Features

    - There is a new RCPT_BASE64_HEADER_NAME setting. If this is set to a
      non-empty string, that string is the name of a header that will be added
      to personalized and VERPed deliveries with value equal to the base64
      encoding of the recipient's email address. This is intended to enable
      identification of the recipient otherwise redacted from "spam report"
      feedback loop messages.

    - cron/senddigests has a new -e/--exceptlist option to send pending
      digests for all but a named list. (LP: #1619770)

    - The values for DEFAULT_DIGEST_FOOTER and DEFAULT_MSG_FOOTER have been
      changed to use a standard signature separator for DEFAULT_MSG_FOOTER
      and to remove the unneeded line of underscores from DEFAULT_DIGEST_FOOTER.
      (LP: #266269)


  i18n

    - The Polish html templates have been recoded to use html entities
      instead of non-ascii characters.

    - The Basque (Euskara) translation has been updated by Gari Araolaza.

    - The German "details for personalize" page has been updated by
      Christian F Buser.

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

  Bug fixes and other patches

    - The <email address hidden> addresses are now added to virtual-mailman
      as they are exposed in 'list created' emails. (LP: #1694384)

    - The 'list run by' addresses in web page footers are now just the
      list-owner address. (LP: #1694384)

    - Changed member_verbosity_threshold from a >= test to a strictly > test
      to avoid the issue of moderating every post when the threshold = 1.
      (LP: #1693366)

    - Subject prefixing has been improved to always have a space between
      the prefix and the subject even with non-ascii in the prefix. This
      will sometimes result in two spaces when the prefix is non-ascii but
      the subject is ascii, but this is the lesser evil. (LP: #1525954)

    - Treat message and digest headers and footers as empty if they contain
      only whitespace. (LP: #1673307)

    - Ensured that added message and digest headers and footers always have
      a terminating new-line. (LP: #1670033)

    - Fixed an uncaught TypeError in the subscribe CGI. (LP: #1667215)

    - Added recognition for a newly seen mailEnable bounce.

    - Fixed an uncaught NotAMemberError when a member is removed before a
      probe bounce for the member is returned. (LP: #1664729)

    - Fixed a TypeError thrown in the roster CGI when called with a listname
      containing a % character. (LP: #1661810)

    - Fixed a NameError issue in bin/add_members with
      DISABLE_COMMAND_LOCALE_CSET = yes. (LP: #1647450)

    - The CleanseDKIM handler has been removed from OWNER_PIPELINE. It isn't
      needed there and has adverse DMARC implications for messages to -owner
      of an anonymous list. (LP: #1645901)

    - Fixed an issue with properly RFC 2047 encoding the display name in the
      From: header for messages with DMARC mitigations. (LP: #1643210)

    - Fixed an issue causing UnicodeError in sending digests following a
      change of a list's preferred_language. (LP: #1644356)

    - Enhanced the fix for race conditions in MailList().Load(). (LP: #266464)

    - Fixed a typo in that could have resulted in a NameError in
      logging an unlikely occurrence. (LP: #1637745)

    - Fixed a bug which created incorrect "view more members" links at the
      bottom of the admin Membership List pages. (LP: #1637061)

    - The 2.1.23 fix for LP: #1604544 only fixed the letter links at the top
      of the Membership List. The links at the bottom have now been fixed.

    - now adds dist-packages as well as site-packages to sys.path.
      (LP: #1621172)

    - INIT INFO has been added to the sample init.d script. (LP: #1620121)
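
The RCPT_BASE64_HEADER_NAME entry under New Features describes a header that lets a list operator identify the member behind a redacted feedback loop report. The following is an added example, not code from Mailman: the header name `X-Rcpt-B64` is an assumed site setting, the report is a constructed sample, and `recover_recipient` is a hypothetical helper.

```python
import base64
import binascii
import email
from email import policy

HEADER_NAME = "X-Rcpt-B64"  # assumed site value of RCPT_BASE64_HEADER_NAME

# Constructed feedback-loop report; the ISP has redacted the To: address.
SAMPLE_REPORT = """\
From: fbl@isp.example
To: abuse@lists.example
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

This is an abuse report for a message from lists.example.

--b1
Content-Type: message/feedback-report

Feedback-Type: abuse

--b1
Content-Type: message/rfc822

From: demo-bounces@lists.example
To: redacted@isp.example
X-Rcpt-B64: YWxpY2VAaXNwLmV4YW1wbGU=

Hello list.
--b1--
"""


def recover_recipient(raw_report, header_name=HEADER_NAME):
    """Return the member address carried in header_name, or None."""
    report = email.message_from_string(raw_report, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "text/rfc822-headers":  # headers-only report
            part = email.message_from_string(part.get_content(), policy=policy.default)
        value = str(part.get(header_name, "")).strip()
        try:
            addr = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # present but not valid base64: ignore it
        # Report content is untrusted input: accept only a bare addr-spec.
        if addr.count("@") == 1 and not any(c.isspace() or c in "<>,;" for c in addr):
            return addr
    return None
```

Because the changelog says the header is only added to personalized and VERPed deliveries, a `None` result for a report on a non-personalized delivery is expected.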

0 blueprints and 20 bugs targeted

| Bug report | Importance | Assignee | Status |
| --- | --- | --- | --- |
| #1643210 'from_is_list' does not RFC2047 encode correctly when translation contains non-ascii char | High | Mark Sapiro | Fix Released |
| #266269 Default list signature blocks do not follow good netiquette | Medium | Mark Sapiro | Fix Released |
| #266464 Subscriber "disappears" after subscription | Medium | Mark Sapiro | Fix Released |
| #1604544 Letter links and footer links on admin Membership List rendered as Unicodes. | Medium | Mark Sapiro | Fix Released |
| #1621172 should add dist-packages (import error in Mailman CGIs) | Medium | Mark Sapiro | Fix Released |
| #1637061 Incorrect URLs in admin Membership List when chunked | Medium | Mark Sapiro | Fix Released |
| #1645901 DKIM signatures stripped from -owner messages with anonymous lists | Medium | Mark Sapiro | Fix Released |
| #1693366 Setting member_verbosity_threshold to 1 results in moderating first post. | Medium | Mark Sapiro | Fix Released |
| #1694384 Missing mailman-owner@VIRTUAL_DOMAIN entry in data/virtual-mailman | Medium | Mark Sapiro | Fix Released |
| #1525954 mailman-2.1.20: option "subject_prefix": prefix trailing blanks are removed when subject lines have non-ASCII characters | Low | Mark Sapiro | Fix Released |
| #1619770 cron/senddigests needs an exceptlist option | Low | Mark Sapiro | Fix Released |
| #1620121 The provided SYSV init script for mailman in missing LSB INIT INFO | Low | Mark Sapiro | Fix Released |
| #1637745 DMARC moderation could throw NameError in logging. | Low | Mark Sapiro | Fix Released |
| #1644356 UnicodeError when attempting to send digests | Low | Mark Sapiro | Fix Released |
| #1647450 bin/add_members causes NameError when DISABLE_COMMAND_LOCALE_CSET = yes | Low | Mark Sapiro | Fix Released |
| #1661810 Certain Malformed list names throw TypeError: in roster CGI | Low | Mark Sapiro | Fix Released |
| #1664729 Processing a probe bounce from a deleted member throws NotAMemberError | Low | Mark Sapiro | Fix Released |
| #1667215 Uncaught TypeError in subscribe CGI with multiple digest flags in post/query data | Low | Mark Sapiro | Fix Released |
| #1670033 Text blocks, e.g. msg_footer, might not end with linefeed | Low | Mark Sapiro | Fix Released |
| #1673307 msg_header and/or msg_footer can be added as a separate MIME part even if only whitespace. | Low | Mark Sapiro | Fix Released |